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■ Excursus on Randcm ‘28 May 1954 

1:^ H. Campaigne 

Many cipher systems depend on a stream of ‘'random" Infoimation^ 
called "key". This concept of rand(xn is a very elusive one. Random 
can be defined to a certain approximation in mathematical terns, and 
this approximation can be tightened to any extent one is willing to 
xmdertake, but it is still an approximation to our elusive concept. 



A dictionary gives for "at randcm; without aim, direction, rule, 
of method; ha|diazard, aimless; irregularly". It lists as antonyms, 
“ld.anned, designed, considered, d^iberate". To the cryptologist it 
means "\inpredictable". Mathematically it is a. process, not a finite 
sample, ^ich is random. Ry a process I mean a procedure which on 
demand will produce digits indefinitely such that each digit occurs 
1 of the time, each possible pair of digits occurs 3^ of the time, 

10 ^ 

and so forth, until for seme n each of the lO*^ combinations of n 
letters occur 1 of the time. Clearly in a practical ease we can 




test only a finite sample, and must limit our testing to some maxinium n . 
It is the finiteness of the number of statemexits whicdi makes this 
definition fall short of the ideal of random. For example, suppose wel, 
take n *= 3 > and have each digit occur 1 _ of the time, each pair 1 . 

10 100 

and each triple 1 of the time. Now if we take the following example 
1000 

we see that it satisfies the three criteria approximately but is per-* 
fectly predictable from any 4 consecutive digits. This process is 
defined induction. Let d^^ = ■*" ^-3 select d^^, d. 2 » d^. 



and d, 



arbitrarily, , This process almost but not cpite fits the 3 criteria. 



The mathematical rule given above is too rigid, of course. One 
can change it to read thus: In any sample of M dd^ts the number of 

occurrences of a specific n-nome will differ from M by 

icf 

more in only a small number of cases. Here S is a suitably chosen 
number, say 3, and the number of exceptions to the rule is chosen 
accordingly, say once in 10,000. This definition is harder to apply. 
If we apply it to our counter-exampLe we find that^passes for n = 3 
or less. Here is another sequence it" 




999887653184923154690 r — 









L'- U-- 



KEF ID:A66757 




> 1^1 ch is also tmiquely deteznined "by asity 4 adjacent digits (and the 
rule of generation). 

The important property for a cryptanalyst is predictability. If 
from a small stretch he can predict the rest^ then no other property is 
of any significance; the ciry^analyst cw gaess at plain-text ^ derive 
keyj predict more key, and ver^y his guess. Therefore the problem of 
reading any message is solved, in theory at least. Even if the pre-- 
\ diction is only statistical the ozyptanalyst can use the information. 

He can do this in two ways: He can search for ^"cliche's" or long repeats 
in the key. Or he can use the fact, if it is a fact, that digits tend 
to. be alike. 

How this last is usable, even if the key came from a stochastic 
process vihich is unpredictable -except that the digits come with various 
probabilities. Thus we see that the mathematical definition given above 
is a necessary condition for seciire key. Whether it is stiff icient is , 
another question, 

' On the other hand key can be predictable and yet be becure in the 
following sense. If the law of gaieration of the key (assumed to be, 
reproducible by the legitimate recipient) is unknown to.. the crypt- 
analyst, and if he is unable to reconstruct it 'from the data at hand, 
then so far as he is concerned it is, unpredictable, .Thus "predictable'' 
is a subjective tern.- It is this theory .idiich has been widely used by- 
ciyptographers, vho attempt to design laws ..of generation- so complex 
that they believe reconstruction is virtually impossible. • Many U, S, 
systems are based on this theory, and thei'key is frequently referred 
to as ''random", " 

To return to the mathematical definition of random, - This definition 
has two drawbacks from the viewpoint of the cryptographer. One is that 
it says nothing about predictability, and the other is that for true 
random the definition states an infinite number of conditions. It is . 
impossible of course for any periodic process to satisfy all these 
conditions, and it is equally Impossible to set up a law of generation 
(reproducible) which will satisfy all of them. It is not practicable 
for a law' of generation to satisfy more than a few of the conditions. 

A standard procedure for a cryptanalyst is to check his material against 
these conditions one at a time, the simplest first. Ebq>erlence has 
shown that usually some of the simpler conditions are not satisfied, 
and the way these conditions are violated generally gives clues to the 
law of generation. Only the woik of . checking the conditions, and the 
small size of the sample of key, prevents’ this from being' a general 
solution. 
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We see then that the cjyptographer is on the defensive, trying to 
protect his material on each of an infinite number of sides with only 
finite, even sevearely limited, resources. The cryptanalyst, being on 
the offensive, has (^y to find a side which is undefended. 
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